Changeset
9430:412ff404bf58
net.server_epoll: Delay wrapping sockets in TLS until just before first handshake
author | Kim Alvefur <zash@zash.se> |
date | Fri, 14 Sep 2018 01:34:38 +0200 |
parents | 9429:5f51710d7c1e |
children | 9431:c3c0523a37c6 |
files | net/server_epoll.lua |
diffstat | 1 files changed, 21 insertions(+), 14 deletions(-) [+] |
--- a/net/server_epoll.lua Wed Oct 03 16:41:37 2018 +0200
+++ b/net/server_epoll.lua Fri Sep 14 01:34:38 2018 +0200
@@ -440,15 +440,30 @@
 function interface:starttls(tls_ctx)
 if tls_ctx then self.tls_ctx = tls_ctx; end
+ self.starttls = false;
 if self.writebuffer and self.writebuffer[1] then
 log("debug", "Start TLS on %s after write", self);
 self.ondrain = interface.starttls;
- self.starttls = false;
 self:set(nil, true); -- make sure wantwrite is set
 else
+ if self.ondrain == interface.starttls then
+ self.ondrain = nil;
+ end
+ self.onwritable = interface.tlshandskake;
+ self.onreadable = interface.tlshandskake;
+ self:set(true, true);
+ log("debug", "Prepare to start TLS on %s", self);
+ end
+end
+
+function interface:tlshandskake()
+ self:setwritetimeout(false);
+ self:setreadtimeout(false);
+ if not self._tls then
+ self._tls = true;
 log("debug", "Start TLS on %s now", self);
 self:del();
- local conn, err = luasec.wrap(self.conn, tls_ctx or self.tls_ctx);
+ local conn, err = luasec.wrap(self.conn, self.tls_ctx);
 if not conn then
 self:on("disconnect", err);
 self:destroy();
@@ -456,22 +471,17 @@
 end
 conn:settimeout(0);
 self.conn = conn;
+ self:on("starttls");
 self.ondrain = nil;
 self.onwritable = interface.tlshandskake;
 self.onreadable = interface.tlshandskake;
 return self:init();
 end
-end
-
-function interface:tlshandskake()
- self:setwritetimeout(false);
- self:setreadtimeout(false);
 local ok, err = self.conn:dohandshake();
 if ok then
 log("debug", "TLS handshake on %s complete", self);
 self.onwritable = nil;
 self.onreadable = nil;
- self._tls = true;
 self:on("status", "ssl-handshake-complete");
 self:setwritetimeout();
 self:set(true, true);
@@ -529,10 +539,9 @@
 end
 local client = wrapsocket(conn, self, nil, self.listeners);
 log("debug", "New connection %s", tostring(client));
+ client:init();
 if self.tls_direct then
 client:starttls(self.tls_ctx);
- else
- client:init();
 end
 end
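Review bot: `self._tls = true` is now set in tlshandskake before luasec.wrap has even been attempted, and the same assignment is removed from the `if ok` branch in the second hunk, so the flag no longer means "handshake completed"; anything that reports the connection as encrypted by reading `_tls` (an ssl() accessor elsewhere in this file, if it reads that field — confirm) will answer true for a socket that is still plaintext or mid-handshake. The flag is only reused here as a once-only guard around the wrap, so a separate field would keep the two meanings apart: `if not self._tls_wrapped then` / `self._tls_wrapped = true;` in tlshandskake, and `self._tls = true;` restored next to the "ssl-handshake-complete" status. A short comment on the guard, such as `-- wrap only once; later readable/writable events drive dohandshake()`, would also help since both event handlers now point at this one function. The `if ok` branch continues past the end of the second hunk.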
@@ -600,10 +609,9 @@
 if not client.peername then
 client.peername, client.peerport = addr, port;
 end
+ client:init();
 if tls_ctx then
 client:starttls(tls_ctx);
- else
- client:init();
 end
 return client;
 end
@@ -615,10 +623,9 @@
 conn:settimeout(0);
 conn:connect(addr, port);
 local client = wrapsocket(conn, nil, read_size, listeners, tls_ctx)
+ client:init();
 if tls_ctx then
 client:starttls(tls_ctx);
- else
- client:init();
 end
 return client, conn;
 end
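Review bot: `client:init();` immediately followed by `if tls_ctx then client:starttls(tls_ctx); end` is now repeated verbatim in both hunks here and in the accept path above, because starttls no longer stands in for init; folding that pair into one place (wrapsocket already receives tls_ctx in the second hunk, or a small helper on the client) would keep the three call sites from drifting apart. In the second hunk the socket has only just had connect() issued, so it is worth a comment on the `client:init();` line noting that starttls merely arms the handlers and the wrap happens on the first readable/writable event — otherwise a reader may assume TLS is set up before the connect completes. Both enclosing functions start outside these hunks.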